Contextual policy-based access with Amazon WorkSpaces

Amazon WorkSpaces is a managed, secure cloud desktop service. With Amazon WorkSpaces, your users get a fast, responsive desktop of their choice that they can access anywhere, anytime, from any supported device.

Amazon WorkSpaces supports a minimum of 3 authentication requirements, including a directory-unique registration code, a username and a password. This can be enhanced with MFA and client-side corporate certificates. Additionally, customers can “whitelist” IP addresses so that users can only connect from known networks.

For many customers, the authentication mechanisms included with the service are sufficient to protect access to corporate Amazon WorkSpaces. Enterprise customers and those with more advanced security requirements need additional protection. deviceTRUST offers customers of Amazon WorkSpaces the ability to apply policy-based, contextually aware access controls to user desktops and applications. Occurring immediately after user authentication, deviceTRUST enforces the more advanced security requirements for your enterprise.

Watch our conditional access use case videos

Check out how deviceTRUST provides contextual policy-based access to either allow or deny access to Amazon WorkSpaces.

Conditional access from a secure endpoint

Conditional access from a validated network

To meet the corporate compliance requirements, users may access Amazon WorkSpaces only if the endpoint uses a validated network connection.

Conditional access from corporate endpoints

To meet the corporate compliance requirements, users must access Amazon WorkSpaces from corporate endpoints, not from their personal devices.

Conditional access from authorized countries

To meet the corporate regulatory requirements, users are required to access Amazon WorkSpaces only from authorized countries.

Conditional access from a secure Wi-Fi connection

To meet the corporate security requirements, users may access Amazon WorkSpaces only if the endpoint uses a secure WPA2 or WPA3 encrypted Wi-Fi connection.

Conditional access from endpoints that are not remote controlled

To meet the corporate regulatory requirements, users must not be accessing Amazon WorkSpaces from an endpoint that is remote controlled.

Conditional access from endpoints that are not virtualized

To meet the corporate compliance requirements, users must not access Amazon WorkSpaces from an endpoint that is virtualized.

Watch our conditional application access use case videos

Check out how deviceTRUST provides contextual policy-based access for installed applications and data within Amazon WorkSpaces.

Conditional application access from a validated network

To meet the corporate compliance requirements, users may access the ‘Business Application’ within Amazon WorkSpaces only if the endpoint uses a validated network connection.

Conditional application access from corporate endpoints

To meet the corporate compliance requirements, users are required to access a ‘Business Application’ within Amazon WorkSpaces from corporate endpoints only.

Conditional application access from authorized countries

To meet the corporate regulatory requirements, users are required to access the ‘Business Application’ within Amazon WorkSpaces only from endpoints located within an authorized country.

Conditional application access from a secure Wi-Fi connection

To meet the corporate security requirements, users may access the ‘Business Application’ within Amazon WorkSpaces only if the endpoint uses a secure WPA2 or WPA3 encrypted Wi-Fi connection.

Watch our product features use case videos

Check out how deviceTRUST provides contextual policy-based support for Microsoft Group Policies (GPO) within Amazon WorkSpaces and how Double-Hop scenarios can be supported.

Automatically configured session screen saver

To meet the corporate security requirements and to improve user experience, a secure screen saver within Amazon WorkSpaces is required only if the endpoint doesn’t have a secure screen saver.

Double-Hop support

To meet the corporate regulatory requirements, some business applications are not allowed to be installed on Amazon WorkSpaces, only in the on-premises environment. To access these business applications, users need to connect from within Amazon WorkSpaces back to the on-premises environment. To meet this requirement, the context of the user's endpoint needs to be available both to Amazon WorkSpaces and within the on-premises environment.